The old adage "the best offense is a good defense" applies to IT as much as it does to the NFL.
Opinions expressed by Entrepreneur contributors are their own.
At a time when remote working and the increased security risks that come with it have become the norm, ongoing difficulties in protecting corporate networks indicate that the status quo is not working. Because of this, IT security teams are switching from a passive to an active approach. MITRE Corporation (a not-for-profit that manages government-funded research and development centers) recently launched its Shield framework, which makes clear that active defense is critical to overcoming today's threats. Executives who know the latest strategies and recommendations put their companies in a strong position to stay safe.
The concept of active defense
Shield is an active defense knowledge base developed from over a decade of adversary engagement. With it, MITRE aims to collect and organize what it has learned about active defense and adversary engagement. The information ranges from high-level reflections on opportunities and goals, suited to CISOs, to more hands-on discussions of the tactics, techniques, and procedures defenders can employ. The framework is designed to stimulate discussion about active defense, how it can be used, and what security teams need to know.
Defining active defense
Active defense encompasses a wide range of activities, including adversary engagement, basic cyber defense capabilities, and cyber deception. It includes the use of limited offensive measures and counterattacks to prevent an adversary from taking digital territory or assets. Taken together, these activities enable IT teams to stop current attacks and gain more insight into the perpetrator, so they can better prepare for future attacks.
As MITRE notes, the modern security stack must incorporate deception capabilities in order to truly deter and manage adversaries. In Shield's new tactic and technique mapping, deception plays a prominent role across eight active defense tactics (channel, collect, contain, detect, disrupt, facilitate, legitimize and test) as well as 33 defense techniques.
The truth about deception
Threat actors are continuously targeting corporate networks, from nation-state attackers who seek proprietary information to common criminals who wreak havoc and want PII to exploit. Analysts estimate that critical corporate network breaches have increased by a factor of three to six, depending on the target.
When leaders think about their security strategy, they need to understand not only what active defense means, but what deception actually is. A prevalent misconception is that deception is synonymous with honeypots, which have been around for a long time and are no longer effective. Making a honeypot as realistic as possible also takes a lot of management, so that attackers interacting with it cannot tell that it is not a real system and therefore realize that they are about to be caught.
So it is time to clear up that notion. In truth, deception technology and honeypots are not synonymous. That is how deception began, but it has evolved significantly since then. Today's deception is based on the breadcrumb / deception artifact approach, which leads attackers down the wrong track and raises alerts so defenders can find and stop them in real time. Only unauthorized users know that the deceptions exist, since they have no effect on everyday systems, so false positives are drastically reduced. These aspects of deception technology increase the financial value of the IT security organization.
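The breadcrumb approach described above can be sketched as detection logic. This is an added example, not code from the article or from MITRE Shield; the decoy names, the log schema and the sample events are all constructed assumptions.

```python
import json
from collections import defaultdict

# Assumed decoy artifacts (constructed names). Nothing in normal operations
# references them, so any touch is worth an alert.
DECOYS = {
    "account": {"svc_backup_adm"},
    "host": {"fin-db-old01"},
    "file": {"/srv/share/it/passwords_2019.xlsx"},
}

# Constructed sample access log, one JSON event per line (hypothetical schema).
SAMPLE_EVENTS = """\
{"ts": "2021-01-04T09:12:01Z", "src": "10.0.4.17", "user": "alice", "kind": "account", "target": "alice"}
{"ts": "2021-01-04T09:13:40Z", "src": "10.0.4.22", "user": "bob", "kind": "file", "target": "/srv/share/finance/q4_report.xlsx"}
{"ts": "2021-01-04T09:20:05Z", "src": "10.0.9.44", "user": "svc_web", "kind": "file", "target": "/srv/share/it/passwords_2019.xlsx"}
{"ts": "2021-01-04T09:21:17Z", "src": "10.0.9.44", "user": "svc_web", "kind": "account", "target": "SVC_BACKUP_ADM"}
this line is truncated and not valid JSON
{"ts": "2021-01-04T09:22:48Z", "src": "10.0.9.44", "user": "svc_web", "kind": "host", "target": "fin-db-old01"}
{"ts": "2021-01-04T09:30:02Z", "src": "10.0.4.31", "user": "carol", "kind": "host", "target": "fin-db-prod02"}
"""

def find_decoy_touches(log_text):
    """Return one alert per event whose target is a planted decoy."""
    alerts = []
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of failing the whole scan
        if not isinstance(ev, dict):
            continue
        kind = str(ev.get("kind", ""))
        target = str(ev.get("target", "")).lower()  # names are case-insensitive
        if target in DECOYS.get(kind, set()):
            alerts.append({"ts": ev.get("ts"), "src": ev.get("src"),
                           "user": ev.get("user"), "decoy": target})
    return alerts

def sources_to_investigate(alerts):
    """Group alerts by source address so responders see each actor's trail."""
    trail = defaultdict(set)
    for a in alerts:
        trail[a["src"]].add(a["decoy"])
    return {src: sorted(decoys) for src, decoys in trail.items()}

if __name__ == "__main__":
    for src, decoys in sources_to_investigate(find_decoy_touches(SAMPLE_EVENTS)).items():
        print(f"ALERT {src} touched decoys: {', '.join(decoys)}")
```

The three legitimate users in the sample never reference a decoy and produce no alerts, which is the low false-positive property the paragraph describes.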
In addition, some organizations mistakenly perceive deception as too complex and as having a comparatively low ROI. Security organizations could benefit from deception technology, which is lightweight and has low maintenance costs, but some hesitate because they feel it is an overwhelming, complex approach that does not give them enough value. With technology aids like automation and AI, deception sheds the complexity it was previously known for.
Corporations tend to think of deception from a technology standpoint, but that's wrong. It should be viewed from the use case standpoint. For example, detection is a fundamental element of any security program. Everyone needs better detection capabilities, and those are an integral part of today's deception tools.
A stronger defense
As cybercriminals' tactics and tools continue to change, so do those of defenders. An expanded threat landscape and new attack types make this job more difficult than ever. Many organizations around the world have been pushed into a rapid digital transformation this year that has created security gaps for bad actors. The events of 2020 underscore the need for a better approach to securing critical assets. Active defense, as described in the MITRE Shield framework, is part of this approach. Deception technology is an agile solution that is worth integrating into a company's security strategy.